International Journal of Computer Applications (0975 – 8887) Volume 109 – No. 4, January 2015 21 Use Case Application in Requirements Analysis using Secure Tropos to UMLsec - Security Issues Mohammad Nazmul Alam Department of CSE, University of Science and Technology Chittagong USTC, Foy’s Lake, Chittagong, Bangladesh Sohrab Hossain Department of CSE, University of Science and Technology Chittagong USTC, Foy’s Lake, Chittagong, Bangladesh Kazy Noor E Alam Siddiquee Department of CSE, University of Science and Technology Chittagong USTC, Foy’s Lake, Chittagong, Bangladesh ABSTRACT Information Systems Security is one of the most critical challenges presently facing nearly every one of the organizations. However, making certain security and quality in both information and the systems which control information is a difficult goal necessitating the mixture of two wide research disciplines which are typically separate: security engineering and secure software engineering. Security engineering has an extensive history, and has focused generally on providing advances in security models, techniques and protocols, but it remains in a steady state of the development. Secure software engineering, however, has emerged relatively recently, but is growing quickly and is paying attention on the integration of security into software engineering techniques; models and processes, in order to build up more secure information systems.The main aim of this paper is to show the requirements analysis using Secure Tropos to Umlsec. Secure tropos is a security oriented extension of tropos methodology and UMLsec is a security oriented extension of standard UML model. To do this we identify different transformation rules and we apply these rules by identifying different steps. We use kent Modeling Transformation Language as a Transformation Language to transform the secure tropos model to UMLsec model and then finally we use a case study to exemplify these rules. General Terms Transformation Language, Requirement Captures, Information Systems Security & Issue. Keywords Use Case, UMLsec, Tropos, Actor, Goal. 1. INTRODUCTION Software is becoming more and more useful in our everyday life. We are using software systems in every aspects of the human society. Its vast usability day by day is creating more complex and the consequence the developer and the user facing new problems everyday in the real world situation. Widely use of information and sensitive data it is needed to keep secure the information that not only useful for the organizational purpose but also for individual users. So therefore security requirements are one of the most crucial issues for the development of the critical software systems. However it is also equally important that the systems are developed that meets the user needs [2]. If it is not fulfill the user criteria why they need it. However traditionally, security would not be considered as a vital issue when developing the system. the software industry emphases on the reliability and performance of the software rather then security issues of the software and it takes a little account after the definition of the system [2] as a result security may conflict and consequence leads to problems to human life, financial infrastructure, personal privacy and so on. Moreover security requirements differ from user requirements so it varies from one system to another [1].but typically common principle of security is user authentication for confidentiality, Integrity for the preventing of unauthorized alteration and availability for the preventing of unauthorized withholding of information or resources [3].Security engineering is now thought one of the branches in the software engineering development process. Traditionally it was different research area of investigation and that apart from software engineering and as a result security was not considered during the software development life cycle (SDLC) [2]. 2. TROPOS METHODOLOGY Tropos is a software development methodology adapted to describe both the organizational environment of a system and the system itself.Tropos adapts the i* modeling framework [4] which uses the concepts of actors, goals,tasks,resources and social dependencies for defining the obligations of actors(dependees) to other actors(dependers).Models in tropos are acquired as instances of a conceptual meta-model resting on the following concepts. An actor models entity that has strategic goals and intentionally within the system or the organizational setting. An actor represents a physical or a software agent as well as a role or position [4] .A Goal represents actor‟s strategic interests. There is hard goals and soft goal. There is no difference between hard goals and soft goals except the soft goal having no criteria for decide whether they are satisfied or not. Soft goals are typically used to model non functional requirements. A Plan (also known as task) represents, at an abstract level, a way of doing something. The execution of a plan can be means for satisfying a hard goal or a soft goal. A resource represents a physical or an informational entity. The main difference with an agent is that a resource has not intentionality. A dependency between to actor indicates that one actor depends, for some reason, on another in order to attain some goal, execute some plan, or deliver a resource. The former actor is called the depender while the later is called the dependee.the object around which the dependence centres is called the dependum[2].There are four main phases of software development that covers tropos methodology. These are early requirement analysis, late requirement analysis, Archetectural design and detailed design. Early requirement analysis concerns with the initial study to understand the problem an existing organizational setting. The production of this stage is an organizational form, which identifies related actors, their particular dependencies and the